BrightCloud Threat Report Shines Light on Increasing Ransomware Threats

06.21.2022

BrightCloud Threat Intelligence recently published its 2022 BrightCloud Threat Report. The report provides valuable insights into current cyber attack trends based on threat intelligence generated by BrightCloud. The report also validates the powerful protection that ThreatBlockr customers receive as the BrightCloud IP Reputation feed continues to be one of the core commercial cyber intelligence feeds that customers receive as part of their subscription. (As a side note, in ThreatBlockr the BrightCloud feed is part of Threat Lists and is listed as Webroot BrightCloud. Webroot and BrightCloud are owned by OpenText.)

In this blog, we will review some of the key highlights from the report as well as some insights into the power of BrightCloud’s threat intelligence.

Phishing & Ransomware Remain Top Threats

Not surprisingly, phishing and ransomware continue to be top threats facing organizations. In reality, phishing and ransomware attacks are related as phishing is commonly the initial step in a broader attack like ransomware. The report indicates that top brands that continue to be “phish bait” are Apple, Microsoft, and Google.

BrightCloud sees ransomware as the biggest threat facing small and midsize businesses, with the primary vectors of infection being Remote Desktop Protocol (RDP) and email phishing. In 2021, BrightCloud found that 82% of ransomware attacks targeted organizations with fewer than 1,000 employees, and organizations of 100 employees or fewer comprised 44% of all ransomware victims.

As for ransomware payments, BrightCloud pointed to these increasing at an “astonishing rate.” The average ransomware payment for 2021 was $322,168, more than double the 2020 level of $154,108.

Source: 2022 BrightCloud Threat Report

The report also highlighted the fact that 2021 saw some of the largest ransomware demands ever, with $70 million for the Kaseya attack, $50 million for Quanta Computer, and $40 million for CNA Financial.

In order to defend against ransomware attacks, BrightCloud believes it is essential to adopt a layered security approach. This is 100% consistent with our view at ThreatBlockr as we believe that a layered approach is critical to cyber defense in general. It’s also consistent with the “best practice” approach we see from ThreatBlockr customers that deploy our solution as an essential component of a security stack.

Malicious IP Attacks

In 2021, BrightCloud saw the average number of malicious IPs at any moment remaining consistent at nearly four million. BrightCloud also provides some interesting data points by analyzing the top 50,000 IPs including:

  • Each IP was convicted in at least two threat categories throughout the year and of these same IPs, 96.5% were convicted in either three or four threat categories.
  • Only 6% of the top 50,000 were observed performing malicious actions in every month of 2021 although they represented 34% of total convictions. 54.1% were only active for three months or less. These statistics validate the fact that IPs tend to be used by attackers for a short period of time.
  • Top threat categories included Spam, Windows Exploits, Botnets, Scanners, and Proxies.
  • The top 50,000 IP addresses originated from 175 different countries with 80% of them from 20 countries. Over 50% were in one of five countries including China, U.S., India, Vietnam, and Russia.

Source: 2022 BrightCloud Threat Report

How BrightCloud Generates Its High Value Threat Intelligence

BrightCloud generates threat intelligence using a proprietary machine learning-based architecture that powers all Webroot protection and BrightCloud services. The scale of the telemetry that BrightCloud generates threat intelligence from is nothing short of impressive. 

Data is generated from over 95 million real-world endpoints and sensors, specialized third-party databases, and intelligence from end users protected by its technology partners. BrightCloud categorizes over one billion, evaluates over 43 billion URLs, and over four million IP addresses, including all IPv4 and in-use IPv6. This data is analyzed and interpreted by the BrightCloud threat research team using advanced machine learning and artificial intelligence.

BrightCloud Threat Intelligence + ThreatBlockr = Active Cyber Defense

The 2022 BrightCloud Threat Report validates the continued need for organizations to protect themselves from a continued increase in cyber attacks including phishing, ransomware, and other threats. Not only are the volumes of attacks increasing, but the costs of attacks, and specifically ransomware attacks, continue to increase significantly.

At ThreatBlockr we believe that defending against cyber attacks requires organizations to proactively use cyber intelligence from multiple sources to block known threats. This includes cyber intelligence from commercial threat intelligence providers like BrightCloud, open source, government, and industry cyber intelligence. 

As part of the ThreatBlockr platform, we provide access to over 50 leading sources of cyber intelligence as part of the subscription. We also provide access to additional sources through our Cyber Intelligence Marketplace. Last but not least, we make it easy for our customers to integrate cyber intelligence from any source using over 50 connectors.

For more insights from the 2022 BrightCloud Threat Report, download a copy of the report.